Trojan horse

My weekly scan showed that I have two Trojan horses. There are two different file names, but the malware name for both of them is the same: win32Agent XQS[trJ]. Avast suggested that I put both of them in the chest, which I have done. Is there anything else that I should do?

Thank you.
Caryl

Hi…

Can you tell us what files they infected?

Depending on what was actually infected, applications and/or processes could be affected.

Best regards…

Can you tell us what files they infected?

C:\Program Files\InstallShieldInstallationInformation\D{D14E3D40-2

C:\System Volume Information-restore {3141675-6CBE-4639-8F67

Hi…

Please turn off the System Restore function in case there is any malware still hanging around in this section of Windows.

Also, using Internet Explorer, go to Ewido and perform an online scan to make sure there is nothing left on your drive…

http://www.ewido.net/en/onlinescan/

Delete any entries that come up, particularly those that have a red circle to the left.

After the scan is finished, (if you’re using Windows XP, Vista uses a different route,) click on “Start”---->“Run” and then type in “chkdsk /r” (without the quotation marks.) It will probably tell you that it needs to perform the scan next bootup, enter “yes.”

Please post back with the results. :)

Best Regards…

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I have done this and deleted all items. There was only one with a red circle. Attached is the ewido-report.

After the scan is finished, (if you're using Windows XP, Vista uses a different route,) click on "Start"---->"Run" and then type in "chkdsk /r" (without the quotation marks.) It will probably tell you that it needs to perform the scan next bootup, enter "yes."

I did this and there were no problems.

Thank you for your help.

Hello,
Tried to do an online scan using Ewido. Unfortunately, the link shown by ardvark has a picture (I think) under the “When a dialog box appears …” that just has a little red cross at its top left.

I think that maybe a setting in my Internet Explorer is preventing it being shown. Does anyone know what this setting might be?
Thanks
Frank1

Hi Frank…

You have to install the ActiveX control. :)

A yellow bar should come down from the top of the browser to prompt you to install it, does this show up at all for you?

Best Regards…

Hi…

You're welcome! :)

And thank you for posting the log.

Just as a helpful pointer, to reduce the number of cookies coming into your system, download and install (and update) SpywareBlaster located here…

http://www.download.com/SpywareBlaster/3000-8022_4-10196637.html?part=dl-SpywareBl&subj=dl&tag=button&cdlPid=10814511

Also, modify your Internet Explorer Privacy settings to block third party cookies. This option will be in the “Advanced” button.

Best Regards…

Also, modify your Internet Explorer Privacy settings to block third party cookies. This option will be in the "Advanced" button.

Instructions for all browsers with screenshots here:

http://www.geocities.com/dontsurfinthenude/cookies.htm

ardvark, I am not shown a yellow bar at the top of Internet Explorer.
Not sure which settings about ActiveX I need to turn on in the Internet Options/Advanced tab.
Frank1

ardvark, found the problem with Internet Explorer. I launched IE as an Admin user and got the popup to download the ActiveX.
Now running Ewido.
Thanks a lot.
Frank1

After following ardvark’s suggestions I followed yours from number 4 on.
4. I installed SUPERantispyware and found 157 adware tracking cookies. I put them in quarantine.
5. I used avast! antirootkit and no rootkits were found.
6. Attached is the Hijack This log.
7. I installed SpywareBlaster.
8. I tried checking with Secunia Software Inspector but got this message: “There might be problems loading the Java Applet in your browser. If you are sure that Java is installed and functional, then please press OK to proceed anyway.” I pressed OK and got the first sentence again and nothing happened.

Thank you for your help. Hopefully everything will work correctly from now on.

Thanks. I already downloaded this at Tech’s suggestion and will keep it updated.

Also, modify your Internet Explorer Privacy settings to block third party cookies. This option will be in the "Advanced" button.

My setting was medium, so I changed it to medium high as per the site recommended by Freewheeling Frank.

Hopefully my next weekly scan will not show any problem areas.

Thanks for this website. I changed my setting from medium to medium high as shown in the screenshot.

I appreciate all the help I have received from everyone.